b'              U.S. Department of Energy\n              Office of Inspector General\n              Office of Inspections and Special Inquiries\n\n\n\n\nInspection Report\nInternal Controls Over Sensitive\nCompartmented Information Access\nfor Selected Field Intelligence\nElements\n\n\n\n\nDOE/IG-0796                                   July 2008\n\x0c\x0c\x0cINTERNAL CONTROLS OVER SENSITIVE COMPARTMENTED\nINFORMATION ACCESS FOR SELECTED FIELD\nINTELLIGENCE ELEMENTS\n\n\n\nTABLE OF\nCONTENTS\n\n\n              OVERVIEW\n\n              Introduction and Objective     1\n\n              Observations and Conclusions   2\n\n\n              DETAILS OF FINDINGS\n\n              Background                     3\n\n              Database Issues                3\n\n              Improper Facility Access       4\n\n              Los Alamos SCI Access\n              Authorization Termination      6\n\n\n              RECOMMENDATIONS                7\n\n\n              MANAGEMENT COMMENTS            7\n\n\n              INSPECTOR COMMENTS             7\n\n\n              APPENDICES\n\n              A. Scope and Methodology       8\n\n              B. Prior Reports               9\n\n              C. Management Comments         10\n\x0cOverview\n\nINTRODUCTION    As a member of the U.S. Government\xe2\x80\x99s Intelligence Community,\nAND OBJECTIVE   the Department of Energy (DOE) serves as the premier technical\n                intelligence resource in the areas of nuclear weapons,\n                nonproliferation, energy, science, and technology, as well as\n                emerging nuclear threats. In addition to providing intelligence\n                analyses, DOE offers specialized technology and operational\n                support to both intelligence and law enforcement agencies.\n\n                DOE accomplishes its intelligence mission by drawing from\n                technical expertise located throughout the Department complex,\n                including the national laboratories. This necessitates\n                Department-affiliated personnel having access to sensitive\n                compartmented information (SCI), which is a designation given to\n                classified information derived from intelligence sources, methods,\n                or analytical processes that are required to be handled through\n                designated access control systems.\n\n                DOE\xe2\x80\x99s Office of Intelligence and Counterintelligence is\n                responsible for granting SCI access authorization to DOE-affiliated\n                personnel who need access to intelligence information.\n                Individuals must have an active Top Secret or \xe2\x80\x9cQ\xe2\x80\x9d clearance to be\n                granted and maintain SCI access authorization. The Office of\n                Intelligence and Counterintelligence maintains an SCI personnel\n                database called Lockbox. This database directly \xe2\x80\x9cfeeds\xe2\x80\x9d into and\n                supports the official national SCI personnel database. The Office\n                of Inspector General recently completed an inspection of internal\n                controls associated with the 969 individuals on a DOE\n                Headquarters SCI access roster. We identified issues with\n                (1) individuals who had left the Department or had been debriefed\n                from the SCI program remaining on the Department\xe2\x80\x99s SCI roster\n                and (2) the execution of debriefing responsibilities by the Office of\n                Intelligence and Counterintelligence.\n\n                To complement this inspection, we initiated a review of local Field\n                Intelligence Elements that the Office of Intelligence and\n                Counterintelligence maintains at several DOE sites in support of its\n                intelligence mandate. These field sites have local SCI personnel\n                databases, as well as local databases to control physical access\n                systems, e.g., badge readers, for local SCI facilities. The objective\n                of the inspection was to determine the adequacy of internal\n                controls over access to intelligence information at two of these\n                Field Intelligence Elements, Los Alamos National Laboratory\n\n\n\nPage 1                                    Internal Controls Over Sensitive\n                                          Compartmented Information Access\n                                          for Selected Field Intelligence\n                                          Elements\n\x0c                   (Los Alamos) and Sandia National Laboratories (Sandia).\n                   According to Lockbox, as of October 1, 2007, there were 2,361\n                   DOE SCI access holders at these facilities: 856 at Los Alamos and\n                   1,505 at Sandia.\n\nOBSERVATIONS AND   We concluded that the Office of Intelligence and Counterintelligence\nCONCLUSIONS        and the subordinate Field Intelligence Elements at Los Alamos and\n                   Sandia did not have adequate administrative internal controls over\n                   their databases used to track SCI access authorizations. Based on\n                   our comparison of Lockbox and four local databases containing the\n                   names, authorizations, and facility accesses of Los Alamos and\n                   Sandia SCI access holders, we found that:\n\n                   \xe2\x80\xa2   The SCI personnel databases used by the Office of Intelligence\n                       and Counterintelligence, Los Alamos, and Sandia contained\n                       numerous errors, including incorrect database entries and\n                       failures to update information relevant to SCI access, which\n                       could lead to security incidents such as the one described\n                       below;\n\n                   \xe2\x80\xa2   An individual physically accessed a Los Alamos SCI facility\n                       without escort after her SCI access authorization was\n                       terminated. Further, Los Alamos Field Intelligence Element\n                       officials did not report the security incident to the required\n                       Office of Intelligence and Counterintelligence official; and,\n\n                   \xe2\x80\xa2   The Los Alamos Field Intelligence Element had not terminated\n                       the SCI access authorizations of 13 individuals whose\n                       personnel security clearances had been terminated up to 10\xc2\xbd\n                       months previously.\n\n                   We note that in addition to the previously cited review of internal\n                   controls over SCI access authorizations on a DOE Headquarters\n                   access roster, other past reviews by the Office of Inspector General\n                   at Los Alamos and Sandia identified weaknesses in the internal\n                   controls intended to ensure that security clearances and access\n                   authorizations were terminated appropriately and expeditiously. A\n                   list of the associated reports is located at Appendix B.\n\n\n\n\nPage 2                                               Observations and Conclusions\n\x0cDetails of Findings\n\nBACKGROUND            Individuals entering one or more SCI programs go through a series\n                      of in-processing actions. These actions are outlined in Director of\n                      Central Intelligence Directive (DCID) No. 6/1 (previously 1/19),\n                      \xe2\x80\x9cSecurity Policy for Sensitive Compartmented Information and\n                      Security Policy Manual.\xe2\x80\x9d They include being sponsored, being\n                      administratively reviewed and approved by Office of Intelligence\n                      and Counterintelligence officials, receiving one or more video\n                      briefs, and reviewing Form 4414 (EF), \xe2\x80\x9cSensitive Compartmented\n                      Information Nondisclosure Agreement.\xe2\x80\x9d After reviewing the form,\n                      the individual signs and dates it to acknowledge an understanding\n                      of his/her security responsibilities. The individual also signs and\n                      dates the \xe2\x80\x9cBrief\xe2\x80\x9d block acknowledging receipt of the required\n                      briefings. DCID 6/1 states \xe2\x80\x9cFailure to sign an NdA [Nondisclosure\n                      Agreement] is cause for denial or revocation of existing SCI\n                      access. The NdA establishes explicit obligations on both the\n                      government and the individual signer for the protection of SCI.\xe2\x80\x9d\n\n                      When an individual no longer requires SCI access, the individual is\n                      to be debriefed on his/her continuing responsibility to safeguard\n                      SCI information. The individual then reviews the SCI\n                      Nondisclosure Agreement form and signs and dates the form in the\n                      \xe2\x80\x9cDebrief\xe2\x80\x9d block. The individual\xe2\x80\x99s SCI access authorization is\n                      considered to be terminated at this point.\n\n                      We reviewed five databases. Los Alamos\xe2\x80\x99 and Sandia\xe2\x80\x99s local\n                      personnel databases were compared with Lockbox to determine if\n                      information relating to individuals with SCI access authorizations was\n                      accurate and consistent. The remaining two databases were associated\n                      with Los Alamos and Sandia SCI facility physical access systems and\n                      were reviewed to verify that personnel who were recently debriefed\n                      had not gained unescorted access to Laboratory SCI facilities.\n\nDATABASE ISSUES       We found that the SCI personnel databases used by the Office of\n                      Intelligence and Counterintelligence, Los Alamos, and Sandia\n                      contained numerous errors, which could lead to security incidents\n                      such as the one described in the next section. Specifically, we\n                      identified 103 errors in Lockbox and local Los Alamos and Sandia\n                      personnel SCI access databases, including incorrect database entries\n                      and failures to update information relevant to SCI access. Of these\n                      identified errors:\n\n                         \xe2\x80\xa2   Six of the Lockbox errors were individuals who still had\n                             active SCI access authorizations even though they had been\n                             formally debriefed from SCI programs;\n\n\n\nPage 3                                                             Details of Findings\n\x0c                       \xe2\x80\xa2   Twenty of the Lockbox errors were individuals who were not\n                           entered, some for prolonged periods of time, to show that\n                           they were authorized to access SCI information;\n\n                       \xe2\x80\xa2   In several instances, Lockbox data boxes were inaccurately\n                           checked, preventing parties/organizations external to the\n                           Office of Intelligence and Counterintelligence from viewing\n                           the correct status of an individual\xe2\x80\x99s actual SCI access\n                           authorization; and,\n\n                       \xe2\x80\xa2   In some instances, the local databases contained inaccurate\n                           entries. For example, both Sandia and Los Alamos had wrong\n                           debriefing dates, and Sandia had instances where individuals\n                           whose SCI access requests had been denied or cancelled\n                           showed as being \xe2\x80\x9cActive\xe2\x80\x9d in the local SCI personnel database.\n                           (We did not find any evidence that any of these individuals\n                           had been SCI briefed or given unauthorized access to SCI\n                           information.)\n\n                    We were told that some of these errors occurred when the Office of\n                    Intelligence and Counterintelligence combined four separate\n                    databases into one, Lockbox, in November 2006. We determined\n                    that Sandia submitted corrections in August 2007 and Los Alamos\n                    in October 2007. On December 4, 2007, we found that not all of\n                    the corrections had been made by the Office of Intelligence and\n                    Counterintelligence. However, at the conclusion of our inspection,\n                    all database issues had been corrected at all three locations.\n\n                    In discussing the accuracy of Lockbox with an Office of Intelligence\n                    and Counterintelligence senior official, we were told that the office\n                    had experienced a 300 percent increase in workload the last 2 years\n                    with no increase in manpower. We were told that this had led to\n                    delays with inputting SCI access information, delays in correcting\n                    identified errors, and an inability to perform sufficient quality\n                    assurance/control on the database.\n\nIMPROPER FACILITY   We also found that an individual physically accessed a Los Alamos\nACCESS              SCI facility without escort after her SCI access authorization was\n                    terminated. Further, Los Alamos Field Intelligence Element\n                    officials did not report the security incident to the required Office\n                    of Intelligence and Counterintelligence official.\n\n                    On November 5, 2007, during our review of the Los Alamos SCI\n                    facility physical access system, we discovered that an individual who\n\n\n\nPage 4                                                            Details of Findings\n\x0c         was debriefed from the SCI program on November 8, 2006, gained\n         unescorted access to a Los Alamos SCI facility on November 9,\n         2006, contrary to DOE policy. Procedures are supposed to be\n         established to remove \xe2\x80\x9can individual\xe2\x80\x99s authorization to enter an area\n         when the individual is transferred, terminated, or the individual\xe2\x80\x99s\n         access is suspended, revoked, or downgraded to a level below that\n         required for entry.\xe2\x80\x9d We immediately reported this previously\n         undiscovered incident to Los Alamos officials. We were told that a\n         Los Alamos Field Intelligence Element official subsequently\n         initiated a telephonic conversation with the former employee.\n         Reportedly, the individual told this official that she had returned to\n         complete out-processing documentation. Another Los Alamos Field\n         Intelligence Element official determined that the individual was able\n         to gain access because her badge access authorization was not\n         immediately removed from the Element\xe2\x80\x99s SCI facility physical\n         access system. Her facility access was not terminated until\n         November 13, 2006, and no one had reviewed whether she had\n         accessed the facility in the intervening period of time.\n\n         We also determined that the Office of Intelligence and\n         Counterintelligence Special Security Officer had not been\n         informed of the security incident by the Los Alamos Field\n         Intelligence Element, as required. After the Office of Inspector\n         General identified the issue to the Special Security Officer, the\n         Office of Intelligence and Counterintelligence requested additional\n         information from Los Alamos. Los Alamos subsequently reported\n         to the Special Security Officer that the security lapse occurred due\n         to a series of events, to include the checklist executed for departing\n         employees being reviewed and initialed as completed prior to\n         collection of the employee\xe2\x80\x99s badge and deactivation of the\n         employee\xe2\x80\x99s access in the badge reader system.\n\n         On January 14, 2008, the Office of Intelligence and\n         Counterintelligence received an e-mail from Los Alamos stating\n         that action was taken to ensure that no item on the checklist\n         executed for departing employees is initialed as completed until\n         the action has actually been completed. Based on this notification,\n         the Office of Intelligence and Counterintelligence official said that\n         all required actions had been completed.\n\n\n\n\nPage 5                                                  Details of Findings\n\x0cLOS ALAMOS      Finally, we found that the Los Alamos Field Intelligence Element\nSCI ACCESS      had not terminated the SCI access authorizations of 13 individuals\nAUTHORIZATION   whose personnel security clearances had been terminated up to\nTERMINATION     10\xc2\xbd months previously. This appeared to be the result of the\n                Element not having an effective means of being kept apprised of\n                employee and personnel security clearance terminations.\n                Specifically, the Element only had limited coordination with the Los\n                Alamos entities handling employee and personnel security clearance\n                terminations. In contrast, we noted that the Sandia Field Intelligence\n                Element had taken actions to improve its integrated controls by\n                establishing daily coordination with Sandia\xe2\x80\x99s Human Resources\n                organization.\n\n                We also observed that this condition has the potential to result in the\n                over-use of \xe2\x80\x9cadministrative debriefings\xe2\x80\x9d by the Element.\n                Administrative debriefings, which entail an authorized official\n                annotating the SCI Nondisclosure Agreement with \xe2\x80\x9cUnavailable for\n                Signature/Administrative Debrief,\xe2\x80\x9d are only supposed to be used\n                when all means to properly inform an individual of his/her\n                continuing SCI access responsibilities have failed. The overuse of\n                administrative debriefings has been cited in previous Office of\n                Inspector General reports. We identified seven administrative\n                debriefings at Los Alamos during this current review. Los Alamos\n                contended that it only executed an administrative debriefing when it\n                had exhausted identified methods to contact the individual to obtain\n                a signature. While this may be true, we believe that Los Alamos\n                might have more success actually debriefing individuals if it had\n                more timely notification of individuals\xe2\x80\x99 departure.\n\n                A Los Alamos Field Intelligence Element official acknowledged\n                that a week or a month could pass without his office being notified\n                concerning the termination of an employee who had SCI access.\n                He said that sometimes his office was not even notified of an\n                individual\xe2\x80\x99s death. He also acknowledged that there were other\n                Laboratory organizations that could assist with this issue. We\n                believe that the Los Alamos Field Intelligence Element should\n                coordinate with appropriate Laboratory organizations, such as the\n                Human Resources and Personnel Security offices, in order to\n                strengthen internal controls over SCI access authorizations.\n\n\n\n\nPage 6                                                         Details of Findings\n\x0cRECOMMENDATIONS   We recommend that the Director, Office of Intelligence and\n                  Counterintelligence, ensures that:\n\n                  1. SCI access authorization information is processed in Lockbox\n                     in an accurate, timely, and complete manner.\n\n                  2. Lockbox and local databases are subjected to a periodic quality\n                     assurance/control regimen.\n\n                  3. Los Alamos Field Intelligence Element officials receive\n                     refresher training concerning security incidents, with specific\n                     emphasis on security incident reporting.\n\n                  4. The Los Alamos Field Intelligence Element establishes\n                     procedures with other Laboratory organizations to obtain\n                     timely notification concerning the termination of Laboratory\n                     personnel and personnel security clearances in order to ensure\n                     the timely termination of SCI access authorizations and\n                     minimize administrative debriefings.\n\nMANAGEMENT        In comments on a draft of this report, the Office of Intelligence and\nCOMMENTS          Counterintelligence concurred with the report recommendations.\n                  Management identified corrective actions that have been or will be\n                  taken to address our recommendations. Management\xe2\x80\x99s comments\n                  are included in their entirety at Appendix C.\n\nINSPECTOR         We consider management\xe2\x80\x99s comments to be generally responsive\nCOMMENTS          to our recommendations.\n\n\n\n\nPage 7                                                    Recommendations\n                                         Management and Inspector Comments\n\x0cAppendix A\n\nSCOPE AND     We conducted our inspection fieldwork between September and\nMETHODOLOGY   December 2007. We looked at the Field Intelligence Elements that\n              were administered in association with Los Alamos and Sandia.\n              We interviewed officials from the Office of Intelligence and\n              Counterintelligence, Los Alamos, and Sandia regarding DOE and\n              local SCI-related policy, standard operating procedures, paper\n              files, and electronic databases. We reviewed applicable Director\n              of Central Intelligence; National Nuclear Security Administration\n              Service Center; Office of Intelligence and Counterintelligence; and\n              Laboratory policies, procedures, electronic databases, and paper\n              files.\n\n              We also compared five databases, three concerning SCI personnel\n              access authorizations and two concerning physical access to SCI\n              facilities; reviewed relevant Field Intelligence Element-related SCI\n              personnel data entries; and in the case of SCI facility access,\n              conducted a judgmental sample involving recently debriefed SCI\n              access authorized personnel. At Los Alamos, we reviewed 76 of\n              143 database files concerning SCI debriefed individuals and SCI\n              facility access; and at Sandia, 100 of 195. During our inspection,\n              we observed operations at Los Alamos and Sandia National\n              Laboratory-New Mexico SCI facilities, and we reviewed data for\n              both of these sites as well as for Sandia National Laboratory-\n              California.\n\n              Also, pursuant to the \xe2\x80\x9cGovernment Performance and Results Act\n              of 1993,\xe2\x80\x9d we determined the Los Alamos and Sandia contractual\n              performance measure processes did not address access control\n              issues relating to the Field Intelligence Elements or their\n              operations. However, the Office of Intelligence and\n              Counterintelligence and DOE\xe2\x80\x99s Office of Independent Oversight\n              evaluate a number of physical security topics that relate to Field\n              Intelligence Element operations.\n\n              This inspection was conducted in accordance with the \xe2\x80\x9cQuality\n              Standards for Inspections\xe2\x80\x9d issued by the President\xe2\x80\x99s Council on\n              Integrity and Efficiency.\n\n\n\n\nPage 8                                                Scope and Methodology\n\x0cAppendix B\n\nPRIOR REPORTS   The following Office of Inspector General reports involved work related\n                to this inspection:\n\n                \xe2\x80\xa2    \xe2\x80\x9cOffice of Intelligence and Counterintelligence Internal Controls\n                     Over the Department of Energy\xe2\x80\x99s Sensitive Compartmented\n                     Information Access Program\xe2\x80\x9d (DOE/IG-0790, March 2008);\n\n                \xe2\x80\xa2    \xe2\x80\x9cBadge Retrieval and Security Clearance Termination at Sandia\n                     National Laboratory-New Mexico\xe2\x80\x9d (DOE/IG-0724, April 2006);\n                     and,\n\n                \xe2\x80\xa2    \xe2\x80\x9cSecurity and Other Issues Related to Out-Processing of\n                     Employees at Los Alamos National Laboratory\xe2\x80\x9d (DOE/IG-0677,\n                     February 2005).\n\n\n\n\nPage 9                                                                   Prior Reports\n\x0cAppendix C\n\n\n\n\nPage 10      Management Comments\n\x0cAppendix C\n\n\n\n\nPage 11      Management Comments\n\x0cAppendix C\n\n\n\n\nPage 12      Management Comments\n\x0cAppendix C\n\n\n\n\nPage 13      Management Comments\n\x0c                                                                    IG Report No. DOE/IG-0796\n\n\n\n                           CUSTOMER RESPONSE FORM\n\nThe Office of Inspector General has a continuing interest in improving the usefulness of its\nproducts. We wish to make our reports as responsive as possible to our customers\xe2\x80\x99 requirements,\nand, therefore, ask that you consider sharing your thoughts with us. On the back of this form,\nyou may suggest improvements to enhance the effectiveness of future reports. Please include\nanswers to the following questions if they are applicable to you:\n\n1. What additional background information about the selection, scheduling, scope, or\n   procedures of the inspection would have been helpful to the reader in understanding this\n   report?\n\n2. What additional information related to findings and recommendations could have been\n   included in the report to assist management in implementing corrective actions?\n\n3. What format, stylistic, or organizational changes might have made this report\xe2\x80\x99s overall\n   message clearer to the reader?\n\n4. What additional actions could the Office of Inspector General have taken on the issues\n   discussed in this report, which would have been helpful?\n\n5. Please include your name and telephone number so that we may contact you should we have\n   any questions about your comments.\n\n\nName                                          Date\n\nTelephone                                     Organization\n\n\nWhen you have completed this form, you may telefax it to the Office of Inspector General at\n(202) 586-0948, or you may mail it to:\n\n                               Office of Inspector General (IG-1)\n                                     Department of Energy\n                                    Washington, DC 20585\n\n                                  ATTN: Customer Relations\n\nIf you wish to discuss this report or your comments with a staff member of the Office of\nInspector General, please contact Judy Garland-Smith at (202) 586-7828.\n\x0cThe Office of Inspector General wants to make the distribution of its reports as customer friendly\nand cost effective as possible. Therefore, this report will be available electronically through the\n                                Internet at the following address:\n\n               U.S. Department of Energy Office of Inspector General Home Page\n\n                                     http://www.ig.energy.gov\n\n   Your comments would be appreciated and can be provided on the Customer Response Form\n                                  attached to the report.\n\x0c'